Skip to main content
SpringerLink
Log in

Particle Swarm Optimization: A Wrapper-Based Feature Selection Method for Ransomware Detection and Classification

  • Conference paper
  • First Online:
Applications of Evolutionary Computation (EvoApplications 2020)

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 12104))

Abstract

Ransomware has emerged as a grave cyber threat. Many of the existing ransomware detection and classification models use datasets created through dynamic or behaviour analysis of ransomware, hence known as behaviour-based detection models. A big challenge in automated behaviour-based ransomware detection and classification is high dimensional data with numerous features distributed into various groups. Feature selection algorithms usually help to deal with high dimensionality for improving classification performance. In connection with ransomware detection and classification, the majority of the feature selection methods used in existing literature ignore the varying importance of various feature groups within ransomware behaviour analysis data set. For ransomware detection and classification, we propose a two-stage feature selection method that considers the varying importance of each of the feature groups in the dataset. The proposed method utilizes particle swarm optimization, a wrapper-based feature selection algorithm, for selection of the optimal number of features from each feature group to produce better classification performance. Although the proposed method shows comparable performance for binary classification, it performs significantly better for multi-class classification than existing feature selection method used for this purpose.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.virustotal.com/gui/home/upload.

  2. 2.

    https://virusshare.com/ is an online malware repository that produces active malware samples to security researchers.

  3. 3.

    https://cuckoosandbox.org/.

References

  1. Alhawi, O.M.K., Baldwin, J., Dehghantanha, A.: Leveraging machine learning techniques for windows ransomware network traffic detection. In: Dehghantanha, A., Conti, M., Dargahi, T. (eds.) Cyber Threat Intelligence. AIS, vol. 70, pp. 93–106. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-73951-9_5

    Chapter  Google Scholar 

  2. Ambusaidi, M.A., He, X., Nanda, P., Tan, Z.: Building an intrusion detection system using a filter-based feature selection algorithm. IEEE Trans. Comput. 65(10), 2986–2998 (2016)

    Article  MathSciNet  Google Scholar 

  3. Brewer, R.: Ransomware attacks: detection, prevention and cure. Netw. Secur. 2016(9), 5–9 (2016)

    Article  Google Scholar 

  4. Burnap, P., French, R., Turner, F., Jones, K.: Malware classification using self organising feature maps and machine activity data. Comput. Secur. 73, 399–410 (2018)

    Article  Google Scholar 

  5. Cabaj, K., Gawkowski, P., Grochowski, K., Osojca, D.: Network activity analysis of cryptowall ransomware. Przeglad Elektrotechniczny 91(11), 201–204 (2015)

    Google Scholar 

  6. Cai, J., Luo, J., Wang, S., Yang, S.: Feature selection in machine learning: a new perspective. Neurocomputing 300, 70–79 (2018)

    Article  Google Scholar 

  7. Continella, A., et al.: ShieldFS: a self-healing, ransomware-aware filesystem. In: Proceedings of the 32nd Annual Conference on Computer Security Applications, pp. 336–347. ACM (2016)

    Google Scholar 

  8. Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley, Hoboken (2012)

    MATH  Google Scholar 

  9. Cusack, G., Michel, O., Keller, E.: Machine learning-based detection of ransomware using SDN. In: Proceedings of the 2018 ACM International Workshop on Security in Software Defined Networks & Network Function Virtualization, pp. 1–6. ACM (2018)

    Google Scholar 

  10. Eberhart, R., Kennedy, J.: A new optimizer using particle swarm theory. In: Proceedings of the 6th International Symposium on Micro Machine and Human Science, pp. 39–43. IEEE (1995)

    Google Scholar 

  11. Fagioli, A.: Zero-day recovery: the key to mitigating the ransomware threat. Comput. Fraud Secur. 2019(1), 6–9 (2019)

    Article  Google Scholar 

  12. Feizollah, A., Anuar, N.B., Salleh, R., Wahab, A.W.A.: A review on feature selection in mobile malware detection. Digit. Invest. 13, 22–37 (2015)

    Article  Google Scholar 

  13. Groot, J.D.: A history of ransomware attacks: the biggest and worst ransomware attacks of all time, January 2019. https://digitalguardian.com/blog/history-ransomware-attacks-biggest-and-worst-ransomware-attacks-all-time#4. Accessed 03 Jan 2019

  14. Guyon, I., Elisseeff, A.: An introduction to variable and features selection. J. Mach. Learn. Res. 3, 1157–1182 (2003)

    MATH  Google Scholar 

  15. Huang, D.Y., et al.: Tracking ransomware end-to-end. In: Proceedings of 2018 IEEE Symposium on Security and Privacy, vol. 2018-May, pp. 618–631. IEEE (2018)

    Google Scholar 

  16. Khalid, S., Khalil, T., Nasreen, S.: A survey of feature selection and feature extraction techniques in machine learning. In: Proceedings of 2014 Science and Information Conference, pp. 372–378. IEEE (2014)

    Google Scholar 

  17. Kharaz, A., Arshad, S., Mulliner, C., Robertson, W., Kirda, E.: UNVEIL: a large-scale, automated approach to detecting ransomware. In: Proceedings of 25th USENIX Security Symposium, pp. 757–772. USENIX Association (2016)

    Google Scholar 

  18. Kharraz, A., Kirda, E.: Redemption: real-time protection against ransomware at end-hosts. In: Dacier, M., Bailey, M., Polychronakis, M., Antonakakis, M. (eds.) RAID 2017. LNCS, vol. 10453, pp. 98–119. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66332-6_5

    Chapter  Google Scholar 

  19. Kharraz, A., Robertson, W., Balzarotti, D., Bilge, L., Kirda, E.: Cutting the gordian knot: a look under the hood of ransomware attacks. In: Almgren, M., Gulisano, V., Maggi, F. (eds.) DIMVA 2015. LNCS, vol. 9148, pp. 3–24. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-20550-2_1

    Chapter  Google Scholar 

  20. Kolodenker, E., Koch, W., Stringhini, G., Egele, M.: PayBreak. In: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, pp. 599–611. ACM (2017)

    Google Scholar 

  21. Maiorca, D., Mercaldo, F., Giacinto, G., Visaggio, C.A., Martinelli, F.: R-packdroid: API package-based characterization and detection of mobile ransomware. In: Proceedings of the Symposium on Applied Computing, pp. 1718–1723. ACM (2017)

    Google Scholar 

  22. Miranda, L.J.V., et al.: PySwarms: a research toolkit for particle swarm optimization in Python. J. Open Source Softw. 3(21), 433 (2018)

    Article  Google Scholar 

  23. Mistry, K., Zhang, L., Neoh, S.C., Lim, C.P., Fielding, B.: A micro-GA embedded PSO feature selection approach to intelligent facial emotion recognition. IEEE Trans. Cybern. 47(6), 1496–1509 (2016)

    Article  Google Scholar 

  24. Mohurle, S., Patil, M.: A brief study of wannacry threat: ransomware attack 2017. Int. J. Adv. Res. Comput. Sci. 8(5), (2017)

    Google Scholar 

  25. Monika, Zavarsky, P., Lindskog, D.: Experimental analysis of ransomware on windows and android platforms: evolution and characterization. Procedia Comput. Sci. 94, 465–472 (2016)

    Google Scholar 

  26. O’Brien, D., DiMaggio, J., Nguyen, H.G.: Targeted Ransomware: An ISTR Special Report. Whitepaper, Symantec Corporation (2019)

    Google Scholar 

  27. Pedregosa, F., et al.: Scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12(Oct), 2825–2830 (2011)

    MathSciNet  MATH  Google Scholar 

  28. Rossum, G.: Python library reference. Technical report (1995)

    Google Scholar 

  29. Scaife, N., Carter, H., Traynor, P., Butler, K.R.B.: Cryptolock (and drop it): stopping ransomware attacks on user data. In: Proceedings of the 36th International Conference on Distributed Computing Systems, pp. 303–312. IEEE (2016)

    Google Scholar 

  30. Sgandurra, D., Muñoz-González, L., Mohsen, R., Lupu, E.C.: Automated dynamic analysis of ransomware: benefits, limitations and use for detection. Computing Research Repository abs/1609.03020 (2016)

    Google Scholar 

  31. Shi, Y., Eberhart, R.C.: Parameter selection in particle swarm optimization. In: Porto, V.W., Saravanan, N., Waagen, D., Eiben, A.E. (eds.) EP 1998. LNCS, vol. 1447, pp. 591–600. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0040810

    Chapter  Google Scholar 

  32. Souri, A., Hosseini, R.: A state-of-the-art survey of malware detection approaches using data mining techniques. Hum.-Centric Comput. Inf. Sci. 8(1) (2018). https://doi.org/10.1186/s13673-018-0125-x

  33. Sun, Z.L., Huang, D.S., Cheung, Y.M., Liu, J., Huang, G.B.: Using FCMC, FVS, and PCA techniques for feature extraction of multispectral images. IEEE Geosci. Remote Sens. Lett. 2(2), 108–112 (2005)

    Article  Google Scholar 

  34. Xue, B., Zhang, M., Browne, W.N., Yao, X.: A survey on evolutionary computation approaches to feature selection. IEEE Trans. Evol. Comput. 20(4), 606–626 (2016)

    Article  Google Scholar 

  35. Young, A.L., Yung, M.: Cryptovirology. Commun. ACM 60(7), 24–26 (2017)

    Article  Google Scholar 

  36. Zhang, Y., Wang, S., Phillips, P., Ji, G.: Binary PSO with mutation operator for feature selection using decision tree applied to spam detection. Knowl.-Based Syst. 64, 22–31 (2014)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Engineering and Computer Science, Victoria University of Wellington, P.O. Box 600, Wellington, 6140, New Zealand

    Muhammad Shabbir Abbasi, Harith Al-Sahaf & Ian Welch

  2. Department of Computer Science, University of Agriculture Faisalabad, Faisalabad, Punjab, Pakistan

    Muhammad Shabbir Abbasi

Authors
  1. Muhammad Shabbir Abbasi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Harith Al-Sahaf
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Ian Welch
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Muhammad Shabbir Abbasi .

Editor information

Editors and Affiliations

  1. University of Granada, Granada, Spain

    Pedro A. Castillo

  2. Université Le Havre Normandie, Le Havre, France

    Juan Luis Jiménez Laredo

  3. Universidad de Extremadura, Mérida, Spain

    Francisco Fernández de Vega

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Abbasi, M.S., Al-Sahaf, H., Welch, I. (2020). Particle Swarm Optimization: A Wrapper-Based Feature Selection Method for Ransomware Detection and Classification. In: Castillo, P.A., Jiménez Laredo, J.L., Fernández de Vega, F. (eds) Applications of Evolutionary Computation. EvoApplications 2020. Lecture Notes in Computer Science(), vol 12104. Springer, Cham. https://doi.org/10.1007/978-3-030-43722-0_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-43722-0_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-43721-3

  • Online ISBN: 978-3-030-43722-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation